If you already know that Sysmon can monitor your system AND you see value in doing so… it’s the right time to explore Sysmon’s customization options, in particular its configuration file, which controls how Sysmon works. In this episode of CQURE Hacks Weekly, you’ll learn how to build such a file in a way that makes Sysmon do exactly what you need from it.

Today, we’re going to talk about Sysmon, which was written by Mark Russinovich and Thomas Garnier. You can get this pretty amazing tool from sysinternals.com. Sysmon can be useful for you because it provides pretty detailed monitoring of what is happening in the operating system, starting with process monitoring, going through monitoring of network connections and ending up with detection of different types of exploitation techniques.
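To make the idea of a configuration file concrete, here is a small Sysmon config that covers the three areas just mentioned: process creation, network connections and one injection-style technique (remote thread creation). This is an added example, not a file from CQURE or from the Sysmon authors. The `schemaversion` value and the image paths are assumptions for illustration; match the schema version to the Sysmon build you actually run (`sysmon -s` prints the schema it expects).

```xml
<Sysmon schemaversion="4.81">
  <!-- Hash every image with SHA-256 so events can be matched to known-good/known-bad binaries. -->
  <HashAlgorithms>sha256</HashAlgorithms>

  <EventFiltering>
    <!-- Event ID 1 (ProcessCreate): log everything EXCEPT the noisy processes listed here.
         onmatch="exclude" means "a matching rule suppresses the event"; no match = logged. -->
    <RuleGroup name="" groupRelation="or">
      <ProcessCreate onmatch="exclude">
        <Image condition="is">C:\Windows\System32\svchost.exe</Image>   <!-- assumed noisy path -->
        <Image condition="end with">\conhost.exe</Image>               <!-- assumed noisy image -->
      </ProcessCreate>
    </RuleGroup>

    <!-- Event ID 3 (NetworkConnect): only log connections that match one of these rules.
         onmatch="include" means "a matching rule causes the event to be logged". -->
    <RuleGroup name="" groupRelation="or">
      <NetworkConnect onmatch="include">
        <Image condition="end with">powershell.exe</Image>  <!-- scripting hosts talking to the network -->
        <Image condition="end with">wscript.exe</Image>
        <Image condition="end with">cscript.exe</Image>
        <DestinationPort condition="is">445</DestinationPort> <!-- SMB from any process -->
      </NetworkConnect>
    </RuleGroup>

    <!-- Event ID 8 (CreateRemoteThread): an empty exclude block logs every occurrence,
         which is a common way to surface code-injection style techniques. -->
    <RuleGroup name="" groupRelation="or">
      <CreateRemoteThread onmatch="exclude" />
    </RuleGroup>
  </EventFiltering>
</Sysmon>
```

Install it with `sysmon -accepteula -i sysmon-config.xml` (assumed file name) and push a revised version later with `sysmon -c sysmon-config.xml`; the resulting events land in the `Microsoft-Windows-Sysmon/Operational` log. The two `onmatch` modes are the key design choice: `exclude` for high-value event types where you want everything minus known noise, `include` for chatty event types where you only want specific suspicious patterns.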